Zeljka Zorz
Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)
It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by …
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) …
Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group. “Fortinet …
Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)
A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the …
Apple unveils end-to-end encryption for iCloud backup, Photos, etc.
Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. Advanced Data Protection for iCloud “iCloud already …
Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new tools
Offensive Security has released Kali Linux 2022.4, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2022.4 Aside …
Rackspace Hosted Exchange outage was caused by ransomware
Rackspace has finally confirmed the cause of the ongoing outage of its Hosted Exchange service: it’s ransomware. “As you know, on Friday, December 2nd, 2022, we …
Attackers take over expired domain to deliver web skimming scripts
Attackers have taken over at least one expired domain that used to host a popular JavaScript library and used it to deliver web skimming scripts to a number of e-commerce …
Google Chrome zero-day exploited in the wild (CVE-2022-4262)
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the …
Rackspace Hosted Exchange service outage caused by security incident
Cloud computing company Rackspace has suffered a security breach that has resulted in a still ongoing outage of their Hosted Exchange environment. “In order to best …
All of Medibank’s stolen data leaked, Australia increases maximum penalties for data breaches
Australian health insurance provider Medibank has confirmed that another batch of the customer data stolen in the recent breach has been leaked. “We are conducting …
LastPass, GoTo announce security incident
LastPass and its affiliate GoTo (formerly LogMeIn) have announced that they suffered a security incident and, in LastPass’ case, a possible data breach. “Based on …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act